Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ПµНі№Шјь·юОс] 'Start' = '00000002'
- %TEMP%\svchost.exe
- %WINDIR%\svchost.exe
- C:\cftswg.exe
- %TEMP%\cftswg.exe
- <SYSTEM32>\wscript.exe "C:\cfwgw.vbs"
- <SYSTEM32>\svchost.exe
- %WINDIR%\svchost.exe
- %WINDIR%\explorer.log
- C:\list.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\config[1].txt
- C:\cfwgw.vbs
- C:\cftswg.exe
- %TEMP%\svchost.exe
- %TEMP%\cftswg.exe
- C:\list.txt
- %TEMP%\svchost.exe
- 'www.i-##c.co.kr':80
- 'www.18#4.cc':80
- '<IP-адрес в локальной сети>':139
- '<IP-адрес в локальной сети>':445
- 'localhost':1036
- '<IP-адрес в локальной сети>':80
- www.18#4.cc/Count.asp?ve#######################
- www.i-##c.co.kr/css/config.txt
- DNS ASK www.18#4.cc
- DNS ASK www.i-##c.co.kr
- ClassName: 'SysListView32' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: '#32770' WindowName: 'Windows ??????????'